From: Wouter Wijngaards Date: Mon, 5 Feb 2018 09:42:42 +0000 (+0000) Subject: auth zone ixfr unit test, and fixes. X-Git-Tag: release-1.7.0rc1~57 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=172b84f7ce6507e96fe51bd94448222a5a47274b;p=thirdparty%2Funbound.git auth zone ixfr unit test, and fixes. git-svn-id: file:///svn/unbound/trunk@4504 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/services/authzone.c b/services/authzone.c index 395d7cbad..7fa5094e8 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -3472,13 +3472,15 @@ xfr_create_ixfr_packet(struct auth_xfer* xfr, sldns_buffer* buf, uint16_t id) /* append serial for IXFR */ if(qinfo.qtype == LDNS_RR_TYPE_IXFR) { - sldns_buffer_set_position(buf, sldns_buffer_limit(buf)); + size_t end = sldns_buffer_limit(buf); + sldns_buffer_clear(buf); + sldns_buffer_set_position(buf, end); /* auth section count 1 */ - sldns_buffer_write_u16_at(buf, 1, LDNS_NSCOUNT_OFF); + sldns_buffer_write_u16_at(buf, LDNS_NSCOUNT_OFF, 1); /* write SOA */ sldns_buffer_write_u8(buf, 0xC0); /* compressed ptr to qname */ sldns_buffer_write_u8(buf, 0x0C); - sldns_buffer_write_u16(buf, qinfo.qtype); + sldns_buffer_write_u16(buf, LDNS_RR_TYPE_SOA); sldns_buffer_write_u16(buf, qinfo.qclass); sldns_buffer_write_u32(buf, 0); /* ttl */ sldns_buffer_write_u16(buf, 22); /* rdata length */ @@ -3738,7 +3740,7 @@ apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z, /* failed to parse RR */ return 0; } - if(verbosity>=7) log_rrlist_position("apply_ixfr", + if(verbosity>=7) log_rrlist_position("apply ixfr", rr_chunk, rr_dname, rr_type, rr_counter); /* twiddle add/del mode and check for start and end */ if(rr_counter == 0 && rr_type != LDNS_RR_TYPE_SOA) @@ -3756,7 +3758,7 @@ apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z, if(have_transfer_serial == 0) { have_transfer_serial = 1; transfer_serial = serial; - delmode = 0; + delmode = 1; /* gets negated below */ } else if(transfer_serial == serial) { have_transfer_serial++; if(rr_counter == 1) { @@ -3790,6 +3792,8 @@ apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z, /* if the RR is deleted twice or added twice, then we * softfail, and continue with the rest of the IXFR, so * that we serve something fairly nice during the refetch */ + if(verbosity>=7) log_rrlist_position((delmode?"del":"add"), + rr_chunk, rr_dname, rr_type, rr_counter); if(delmode) { /* delete this RR */ int nonexist = 0; @@ -3802,9 +3806,15 @@ apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z, } if(nonexist) { /* it was removal of a nonexisting RR */ + if(verbosity>=4) log_rrlist_position( + "IXFR error nonexistent RR", + rr_chunk, rr_dname, rr_type, rr_counter); softfail = 1; } - } else { + } else if(rr_counter != 0) { + /* skip first SOA RR for addition, it is added in + * the addition part near the end of the ixfr, when + * that serial is seen the second time. */ int duplicate = 0; /* add this RR */ if(!az_insert_rr_decompress(z, rr_chunk->data, @@ -3816,6 +3826,9 @@ apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z, } if(duplicate) { /* it was a duplicate */ + if(verbosity>=4) log_rrlist_position( + "IXFR error duplicate RR", + rr_chunk, rr_dname, rr_type, rr_counter); softfail = 1; } } @@ -3823,7 +3836,10 @@ apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z, rr_counter++; chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos); } - if(softfail) return 0; + if(softfail) { + verbose(VERB_ALGO, "IXFR did not apply cleanly, fetching full zone"); + return 0; + } return 1; } diff --git a/testcode/fake_event.c b/testcode/fake_event.c index 034f3ee56..376f9b3f7 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -334,6 +334,7 @@ fill_buffer_with_reply(sldns_buffer* buffer, struct entry* entry, uint8_t* q, int i = tcp_pkt_counter; while(reppkt && i--) reppkt = reppkt->next; + if(!reppkt) fatal_exit("extra packet read from TCP stream but none is available"); log_pkt("extra_packet ", reppkt->reply_pkt, reppkt->reply_len); } if(reppkt->reply_from_hex) { diff --git a/testdata/auth_xfr.rpl b/testdata/auth_xfr.rpl index effa5c5ff..2dd2b7ae2 100644 --- a/testdata/auth_xfr.rpl +++ b/testdata/auth_xfr.rpl @@ -36,7 +36,7 @@ stub-zone: stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END -SCENARIO_BEGIN Test authority zone with zonefile +SCENARIO_BEGIN Test authority zone with AXFR ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 diff --git a/testdata/auth_xfr_ixfr.rpl b/testdata/auth_xfr_ixfr.rpl new file mode 100644 index 000000000..36d282449 --- /dev/null +++ b/testdata/auth_xfr_ixfr.rpl @@ -0,0 +1,274 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.6 +mail.example.com. 3600 IN A 1.2.3.7 +zup.example.com. 3600 IN A 1.2.3.4 +yyy.example.com. 3600 IN A 1.2.3.4 +yyy.example.com. 3600 IN AAAA ::5 +r1.example.com. 3600 IN A 1.2.3.4 +r1.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r2.example.com. 3600 IN A 1.2.3.4 +r2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r2.example.com. 3600 IN RRSIG AAAA 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r3.example.com. 3600 IN A 1.2.3.4 +r3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +add.example.com. 3600 IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with IXFR + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +www.example.com. IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.6 +zup.example.com. 3600 IN A 1.2.3.4 +yyy.example.com. 3600 IN AAAA ::5 +r1.example.com. 3600 IN A 1.2.3.4 +r2.example.com. 3600 IN A 1.2.3.4 +r3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +EXTRA_PACKET +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +www.example.com. IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.8 +mail.example.com. IN AAAA ::5 +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 3600 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.5 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +add.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.7 +mail.example.com. 3600 IN A 1.2.3.8 +mail.example.com. 3600 IN AAAA ::5 +r1.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r2.example.com. 3600 IN RRSIG AAAA 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r3.example.com. 3600 IN A 1.2.3.4 +r3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +www.example.com. 3600 IN A 1.2.3.5 +yyy.example.com. 3600 IN A 1.2.3.4 +FILE_END + +SCENARIO_END